Personal blog of Atanas ("A.T.") Entchev

I was phished

[UPDATE April 9, 2017] No response from Google, so I will provide a general description of what happened and close this incident in my book.

Someone was able to post a fake job opening for my company on two of the major job sites. Unclear to what end. I realized what was happening when I began receiving hundreds of job applications. I saw the posting — it was very well, professionally written. I reached out to both job sites. One responded immediately, took the posting down, and helped mitigate the impact. The other gave me a canned response two days later, saying they are investigating.

For this posting to have happened someone must have gained control of my company’s general email account. I suspect that this may have happened via a feature in Gmail, which is why I reached out to Google.

Case closed as unresolved.

***

I was phished, successfully, even though I thought I was impervious to such things. In my defense I will say that I didn’t do anything wrong (I think), and I followed all the rules (I think). It appears that my attackers’ deed was facilitated (unintentionally and unknowingly, I’m sure) by Google.

I have alerted Google to the incident. I will post further details if and when Google assures me that it is safe to do so.